Published: 14/02/2008 Updated: 15/10/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 440

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Multiple cross-site scripting (XSS) vulnerabilities in Cacti 0.8.7 prior to 0.8.7b and 0.8.6 prior to 0.8.6k allow remote malicious users to inject arbitrary web script or HTML via (1) the view_type parameter to graph.php; (2) the filter parameter to graph_view.php; (3) the action parameter to the draw_navigation_text function in lib/functions.php, reachable through index.php (aka the login page) or data_input.php; or (4) the login_username parameter to index.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
cacti cacti 0.8
cacti cacti 0.8.1
cacti cacti 0.8.5a
cacti cacti 0.8.6c
cacti cacti 0.6.7
cacti cacti 0.8.4
cacti cacti 0.8.5
cacti cacti 0.8.7a
cacti cacti 0.8.2
cacti cacti 0.8.2a
cacti cacti 0.8.6f
cacti cacti 0.8.6i
cacti cacti 0.8.3
cacti cacti 0.8.3a
cacti cacti 0.8.6j
cacti cacti 0.8.7

It was discovered that Cacti, a systems and services monitoring frontend, performed insufficient input sanitising, leading to cross site scripting and SQL injection being possible For the stable distribution (etch), this problem has been fixed in version 086i-34 For the unstable distribution (sid), this problem has been fixed in version 087b ...

source: wwwsecurityfocuscom/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability Attackers may exploit these vulnerabilities to influence or misrepresent ...

source: wwwsecurityfocuscom/bid/27749/info Cacti is prone to multiple unspecified input-validation vulnerabilities, including: - Multiple cross-site scripting vulnerabilities - Multiple SQL-injection vulnerabilities - An HTTP response-splitting vulnerability Attackers may exploit these vulnerabilities to influence or misrepresent ho ...

CWE-79 http://www.cacti.net/release_notes_0_8_7b.php http://www.securityfocus.com/bid/27749 http://www.securitytracker.com/id?1019414 http://secunia.com/advisories/28872 http://www.mandriva.com/security/advisories?name=MDVSA-2008:052 https://bugzilla.redhat.com/show_bug.cgi?id=432758 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00570.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00593.html http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00001.html http://secunia.com/advisories/28976 http://secunia.com/advisories/29242 http://security.gentoo.org/glsa/glsa-200803-18.xml http://secunia.com/advisories/29274 http://securityreason.com/securityalert/3657 http://www.debian.org/security/2008/dsa-1569 http://secunia.com/advisories/30045 http://bugs.cacti.net/view.php?id=1245 http://www.securityfocus.com/bid/34991 http://www.vupen.com/english/advisories/2008/0540 https://exchange.xforce.ibmcloud.com/vulnerabilities/50575 http://www.securityfocus.com/archive/1/488018/100/0/threaded http://www.securityfocus.com/archive/1/488013/100/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-1569 https://www.exploit-db.com/exploits/31158/

CVE-2008-0783

Vulnerability Summary

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect